Tool to check AWS S3 bucket permissions
Switch branches/tags
Nothing to show
Clone or download
Pull request Compare This branch is 40 commits behind kromtech:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
README.md
s3inspector.py

README.md

S3 Inspector

Tool to check AWS S3 bucket permissions. Compatible with Linux/MacOS, python2 and python3

What it does

  • Checks all your buckets for public access
  • For every bucket gives you the report with:
    • Indicator if your bucket is public or not
    • Permissions for your bucket if it is public
    • List of URLs to access your bucket (non-public buckets will return Access Denied) if it is public

Prerequisites

Create a new IAM User

  • Create IAM user with AmazonS3ReadOnly policy attached
    • Go to IAM (https://console.aws.amazon.com/iam/home)
    • Click "Users" on the left hand side menu
    • Click "Add user"
    • Fill in user name and check Programmatic access
    • Click "Next: Permissions"
    • Click "Attach existing policies directly"
    • Check AmazonS3ReadOnly policy
    • Click "Next: Review"
    • Click "Create user"
    • Copy the credentials
      • Access key ID
      • Secret access key
  • Create ~/.aws/credentials file or paste the credentials in when you run the script
    • Put the credentials you copied in the previous step here in this format:
[default]
aws_access_key_id = <your access key ID goes here>
aws_secret_access_key = <your secret_access_key goes here>

Use existing configured IAM User

  • use your existing credentials or profile if you have a file ~/.aws/credentials like this:
[default]
aws_access_key_id = <your access key ID goes here>
aws_secret_access_key = <your secret_access_key goes here>
[my_profile_name]
aws_access_key_id = <your access key ID goes here>
aws_secret_access_key = <your secret_access_key goes here>
  • and pass the profile name or leave blank for default when requested:
python s3inspector.py
Enter your AWS profile name [default]:

Usage

python s3inspector.py

Report example

Sample report screenshot